CVE-2005-0235Insufficient Visual Distinction of Homoglyphs Presented to User in Browser

CWE-1007Insufficient Visual Distinction of Homoglyphs Presented to User13 documents8 sources
Severity
5.0MEDIUMNVD
EPSS
0.6%
top 29.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Opera Browser
Timeline
PublishedMay 2
Latest updateMay 1

Description

The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-fvfw-wwvf-2x7q: The International Domain Name (IDN) support in Opera 72022-05-01
CVEList
CVE-2005-0235: The International Domain Name (IDN) support in Opera 72005-02-07

💥Exploits & PoCs

1
Exploit-DB
LHA 1.x - Remote Buffer Overflow / Directory Traversal2004-04-30

📋Vendor Advisories

1
Red Hat
security flaw2005-04-06

📐Framework References

2
CWE
Insufficient Visual Distinction of Homoglyphs Presented to User
CAPEC
Homograph Attack via Homoglyphs

💬Community

6
Bugzilla
CVE-2005-1038 security flaw2018-08-16
Bugzilla
CAN-2005-1038 vixie-cron information leak2005-07-21
Bugzilla
CVE-2005-1038 vixie-cron information leak2005-06-29
Bugzilla
CAN-2005-1038 vixie-cron information leak2005-04-20
Bugzilla
CAN-2005-1038 vixie-cron information leak2005-04-14
CVE-2005-0235 — Opera Browser vulnerability | cvebase